ghsa-j4cv-xr5r-hq23
Vulnerability from github
Published
2024-05-20 12:30
Modified
2024-05-20 12:30
Details
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix missing hugetlb_lock for resv uncharge
There is a recent report on UFFDIO_COPY over hugetlb:
https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/
350: lockdep_assert_held(&hugetlb_lock);
Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held.
{ "affected": [], "aliases": [ "CVE-2024-36000" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-20T10:15:14Z", "severity": null }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix missing hugetlb_lock for resv uncharge\n\nThere is a recent report on UFFDIO_COPY over hugetlb:\n\nhttps://lore.kernel.org/all/000000000000ee06de0616177560@google.com/\n\n350:\tlockdep_assert_held(\u0026hugetlb_lock);\n\nShould be an issue in hugetlb but triggered in an userfault context, where\nit goes into the unlikely path where two threads modifying the resv map\ntogether. Mike has a fix in that path for resv uncharge but it looks like\nthe locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd()\nwill update the cgroup pointer, so it requires to be called with the lock\nheld.", "id": "GHSA-j4cv-xr5r-hq23", "modified": "2024-05-20T12:30:30Z", "published": "2024-05-20T12:30:30Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36000" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505" } ], "schema_version": "1.4.0", "severity": [] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.